Crafting The Perfect Password
Security geeks, including yours truly, are constantly nagging everyone to use strong passwords. But truly secure passwords can be hard to remember. Today I've got a simple recipe to help you create strong passwords that you can easily remember. Does that sound perfect? Read on...
How to Create a Strong, Secure Password
The conventional requirements of a strong password are length (the more the better) and complexity (mixture of upper/lower case letters, plus numbers, plus special characters).
Unfortunately, these requirements produce passwords that no one can remember, so they get written down on a Post-It note, or in a spreadsheet or text file that is not encrypted (because that would require another impossible-to-remember password). So much for security; what’s written down in plain text and left where anyone can get at it is utterly insecure.
The perfect password is one that is both a) easily remembered so it need not be written down, and b) sufficiently complex that guessing it by any of the three common hackers’ techniques - brute-force, common words, and dictionary - takes a lot longer than a hacker would care to spend on the job.
I will add one more criterion: the perfect password must be one that the system it is used on will accept. You have probably noticed that most online systems require passwords of at least 8 characters.
In addition to this length constraint, most systems now require at least one upper-case letter and either a digit (1, 2, 3, etc.) or a special character (+, #, $, and so on). That’s not an impediment to creating a memorable password; just tack the same two required characters, such as “A#” or “B$” onto the end of the password you create. You can remember that every password ends in “A#” or “B$,” can’t you?
Putting The Pieces Together
The beginning of the password can be a simple two- or three-word phrase. Sometimes I choose the title of a book on my shelf, such as "Crossword Puzzles" and add the A# suffix. The resulting password "Crossword PuzzlesA#" would take a hacker 41 years to crack using a high-end home computer.
If a system won’t allow blank spaces in a password, just replace the spaces with dashes or underscores, e. g., “Crossword-PuzzlesA#”. To keep things simple, just use dashes or underscores all the time, so you don't have to remember, “Does the password for this system have spaces or dashes?” Just pick “dash” or “underscore” and use it consistently.
You can test the strength of your newly created password at Kaspersky’s Secure Password site. Enter a password candidate (never one that you’re actually using already) to see how long it would take to break it using:
- a 1982 8-bit ZX Spectrum home computer
- a 2012 MacBook Pro
- the popular (among hackers) Conficker botnet
- the world's fastest supercomputer at the time of writing, the Tianhe-2.
The Conficker botnet’s time is probably of most interest. The others are just for fun, really. I don’t know what assumptions Kaspersky’s site makes about the number of password attempts per second. The results I get suggest those numbers may be unreasonably high. So take the results as a conservative estimate.
You might be thinking "Okay, a botnet can send millions of passwords per second. But can the receiving server process (either accept or reject) more than 100 password attempts per second?" Here's the answer: it doesn't have to. These brute-force password cracking tools are used after hackers break into a web server and gain access to the encrypted password database. Once inside, they can transfer that cache of usernames and passwords to another location and attack it offline, at will, without the login server ever seeing a single attempt.
Managing Your Passwords
I mentioned in the sidebar above that password managers can be used to create, store and fill passwords. I regularly log in to lots of websites, so that's the approach I choose and recommend. The only downside is that you need to install that tool on every computer or mobile device you use. So if you prefer to do it yourself, my recipe for the perfect password is as follows:
- Two or three common words that are memorable to you, but not easily guessed by others
- One upper-case letter that never changes
- One special character that never changes
This recipe produces a password that will take much longer than my lifetime to break. That seems good enough to me, even perfect. Your thoughts on this topic are welcome. Post your comment or question below...
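The following script is an added example, not code from the article or from Kaspersky's site. It builds a password by the recipe above (words, a consistent separator, the fixed "A#" suffix) and then estimates cracking time two ways: the naive brute-force count that password meters typically use, and a recipe-aware count that only has to try combinations of common words, which is what the "common words" and "dictionary" techniques mentioned earlier amount to. The guess rates and the 10,000-word vocabulary are constructed assumptions for illustration; they are not the figures Kaspersky's site uses, which the article says are unknown.

```python
"""Build a password by the article's recipe and estimate how long guessing it takes.

Added example: the guess rates and vocabulary size below are constructed
assumptions, not measured figures and not the numbers Kaspersky's site uses.
"""
import string

# Assumed guesses per second for three attacker situations (constructed values).
GUESS_RATES = {
    "online login form (rate-limited)": 100,
    "offline, one high-end home computer": 1e10,
    "offline, large botnet": 1e13,
}

SPECIALS = string.punctuation + " "  # 32 printable punctuation marks plus space


def make_password(words, sep="-", suffix="A#"):
    """Join memorable words with one consistent separator, then add the fixed suffix."""
    return sep.join(w.strip() for w in words) + suffix


def charset_size(password):
    """Number of characters a brute-force search must cover, per class present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SPECIALS for c in password):
        size += len(SPECIALS)
    return size


def brute_force_guesses(password):
    """Worst case for a meter-style estimate: every string of this length over the charset."""
    return charset_size(password) ** len(password)


def phrase_model_guesses(n_words, vocab, separator_choices=1, suffix_choices=1):
    """Worst case for an attacker who knows the recipe: word combinations times the
    few separator/suffix variants. The fixed suffix contributes no extra guesses."""
    return (vocab ** n_words) * separator_choices * suffix_choices


def crack_seconds(guesses, rate):
    """Time to exhaust the guess space at the given rate (worst case, not average)."""
    return guesses / rate


def describe_seconds(seconds):
    """Render a duration in the largest unit that fits."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def strength_report(password, n_words, vocab=10_000):
    """Compare the brute-force estimate with the recipe-aware estimate at each rate."""
    report = {}
    for label, rate in GUESS_RATES.items():
        report[label] = {
            "brute_force": describe_seconds(crack_seconds(brute_force_guesses(password), rate)),
            "word_model": describe_seconds(crack_seconds(phrase_model_guesses(n_words, vocab), rate)),
        }
    return report


if __name__ == "__main__":
    for words in (["Crossword", "Puzzles"], ["Crossword", "Puzzles", "Book"]):
        pw = make_password(words)
        print(f"\n{pw!r}: length {len(pw)}, charset {charset_size(pw)}")
        for label, times in strength_report(pw, len(words)).items():
            print(f"  {label:38s} brute-force {times['brute_force']:>18s} | "
                  f"word model {times['word_model']:>14s}")
```

Run it and compare the two columns: the brute-force column is the kind of figure a strength meter reports, while the word-model column is what matters once a copied password database is being attacked offline. Adding a third word multiplies the recipe-aware guess count by the whole vocabulary, whereas the fixed suffix only keeps the system's complexity rules happy, which is exactly the job the article assigns it.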
This article was posted by Bob Rankin on 26 May 2016
Copyright © 2005 - Bob Rankin - All Rights Reserved